[snip] $2B isn't an insurmountable barrier. It is well within most intelligence agencies' budgets, and that price will only get lower. --- Agreed. Imagine what intelligence agencies could gain by turning your most valuable employees for secrets.
At present, if you have the sophistication to break an "interesting" key, you could have the sophistication to not be detected MITM. The difference between inserting/replacing a valid flow, and simply listening [unless the attacker is stupid] isn't that big a difference from a detection [of the attack] point of view.
No one is going to spend millions of dollars to get at most the same millions of dollars back in credit card fraud [good money after bad]. Anyone who is relying on these commercial architectures to secure gov't secrets or secrets worthy of an intelligence outfit's attention is a moron [for numerous reasons]. If all you are doing is trying to secure machines against script kiddies, starting huge public debates and initiatives and the like seems like overkill to me. [investment is greater than reward]. YMMV.

Passive attacks are, by definition, undetectable. Active attacks are not; some are simply more detectable than others. --- I disagree about passive attacks, but I won't go into all of the reasons here. Passive attacks, by my definition, only imply that they do not interrupt the flow they are observing. [interrupt, at least at a macroscopic level]. For an example of passive monitoring that can be detected, look at the example of how one would sniff live fiber in the field [without splicing or introducing electronics]. Or for a more commonplace example, think of an induction coil next to an electrical wire. It's a passive attack, but is _definitely_ detectable.
Remember that there is no international law preventing a country's intelligence agency from committing industrial espionage for its own companies (and in fact this is common practice). --- Sure, no argument. Also, remember that the US Military has considered, and may very well be using, IPsec in the field to coordinate military maneuvers. I think you're really missing the main point with that $2 billion figure. The "big surprise" is that we might be able to put a price-point on factoring 1024 bit keys -- previously, they were thought to be "secure forever". ---- I guess this is an assumption we don't all share. You know what they say about assumptions. A machine that costs $2 billion today, according to Moore's law, will cost about $200,000 20 years from now. Not counting inflation. That will be well within many people's budgets. --- Also agreed. Anyone who thinks the shelf life of their keys is 20 years, or the information captured today is valuable for more than a couple of years, then they are making generous assumptions too. If it's a big surprise that any key of any arbitrary length can be cracked in finite time and in finite resources, I think people haven't been thinking about the information presented in the security books out there. Most of the estimates that say anything is "unbreakable" don't recognize that Moore's law is real, and accelerating...

Deepak Jain
AiNET